Programmable logic devices (PLDs), such as field programmable gate arrays (FPGAs) or complex programmable logic devices (CPLDs), may be programmed with configuration data to provide various user-defined features. For example, configuration data may be loaded from an external non-volatile memory, such as a flash memory, into volatile configuration memory of the PLD.
The particular configuration data bitstream loaded into the PLD may be proprietary in nature, and as a result, it is desirable for developers to maintain its secrecy. Because many conventional non-volatile memories permit configuration data bitstreams to be read by external devices, developers may choose to encrypt configuration data bitstreams before they are stored in external non-volatile memory and loaded into the PLD.
Configuration data is often encrypted and decrypted through the use of conventional security keys. For example, a configuration data bitstream may be encrypted using a particular security key and then stored in an external non-volatile memory in encrypted form. The encrypted configuration data bitstream may be loaded into the PLD from the external non-volatile memory and decrypted by the PLD using the appropriate security key stored onboard the PLD. The decrypted configuration data may then be loaded into volatile configuration memory of the PLD. In such applications, the security of the configuration data largely depends on maintaining the secrecy of the security key and the manner in which the security key is stored onboard the PLD.
However, existing approaches to onboard security key storage in PLDs is generally problematic. For example, in certain implementations, the security key may be stored in volatile SRAM cells onboard the PLD which are maintained by a battery. Nevertheless, the security key will be lost if there is a disruption in the power supplied to the SRAM cells as a result of, for example, a battery failure.
In other implementations, the security key may be stored in non-volatile memory onboard the PLD. Unfortunately, if such non-volatile memory exhibits a manufacturing defect, individual data bit values of the security key may be incorrectly stored. As a result, an erroneous security key may be used by the PLD, thereby preventing the PLD from properly decrypting incoming configuration data bitstreams.
Accordingly, there is a need for an improved approach to maintaining the secrecy of security keys stored in non-volatile memory. In addition, there is a need for an improved approach to the programming of security keys that reduces the likelihood of incorrect data bit values of the security key being stored in non-volatile memory.